UCSF Joins List of Schools Affected by Breaches

University advises 46,000 students, faculty and staff to be wary of identity theft.

Some 46,000 University of California, San Francisco, students, faculty and staff are being cautioned to stay on the lookout for identity theft after the school reported a possible data breach.
In late March, UCSF determined that there may have been unauthorized electronic access to a UCSF computer file server located at the University of California Office of the President, in Oakland. The system in question was immediately removed from service and is no longer at risk, university officials said in a statement.

The server contained files with personal information, including Social Security numbers, for most UCSF campus and medical center faculty, staff, and students. The information also included bank account numbers related to electronic payroll and reimbursement deposits. However, no patient information was stored on this system, university officials stated.

"There is no specific evidence that data on this server were accessed inappropriately, but we cannot rule out such access," the university said in a statement.
Why didnt encryption save TJX? Click here to find out.
UCSF joins a growing list of universities and others reporting massive data breaches. Late last year, a hacker exploited a flaw in a UCLA database, exposing data belonging to 800,000 faculty, staff and current and former students. The university reported in January the investigation revealed the hacker retrieved Social Security numbers of roughly 28,600 people in the database.

UCSF has created a Web site and telephone hotline for those potentially affected by the breach, and has attempted to contact everyone affected as well. University officials are advising victims of the breach to check their credit reports for suspicious activity and request a fraud alert in their credit file.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.